Applying the take-grant protection model

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed

Master of Science in Computer Science

thesisIn today's IP networks, any host can send packets to any other host irrespective of whether the recipient is interested in communicating with the sender or not. The downside of this openness is that every host is vulnerable to an attack by any other host. We ob- serve that this unrestricted network access (network ambient authority) from compromised systems is also a main reason for data exfiltration attacks within corporate networks. We address this issue using the network version of capability based access control. We bring the idea of capabilities and capability-based access control to the domain of networking. CeNet provides policy driven, fine-grained network level access control enforced in the core of the network (and not at the end-hosts) thereby removing network ambient authority. Thus CeNet is able to limit the scope of spread of an attack from a compromised host to other hosts in the network. We built a capability-enabled SDN network where communication privileges of an endpoint are limited according to its function in the network. Network capabilities can be passed between hosts, thereby allowing a delegation-oriented security policy to be realized. We believe that this base functionality can pave the way for the realization of sophisticated security policies within an enterprise network. Further we built a policy manager that is able to realize Role-Based Access Control (RBAC) policy based network access control using capability operations. We also look at some of the results of formal analysis of capability propagation models in the context of networks

Applying Automated Theorem Proving to Computer Security

While more and more data is stored and accessed electronically, better access control methods need to be implemented for computer security. Formal modelling and analysis have been successfully used in certain areas of computer systems, such as verifying the security properties of cryptographic and authentication protocols. However, formal models for computer systems in cyberspace, like networks, have hardly advanced. A highly regarded graduate textbook cites the Take-Grant model created in 1977 as one of the \current examples of security modelling and analysis techniques. This model is rarely used in practice though. This research implements the Take-Grant Protection model\u27s four de jure rules and Can Share predicate in the Prototype Verification System (PVS) which automates model checking and theorem proving. This facilitates the ability to test a given TakeGrant model against many systems which are modelled using digraphs. Two models, one with error checking and one without, are created to implement take-grant rules. The first model that does not have error checking incorporated requires manual error checking. The second model uses recursion to allow for the error checking. The Can Share theorem requires further development